On Fri, 25 Oct 2024 21:14:25 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> src/java.base/share/classes/java/security/SecureClassLoader.java line 1: >> >>> 1: /* >> >> The class spec still mentions "permissions which are retrieved by the system >> policy by default". Shall we remove it? Also, `getPermissions` always >> returns an empty `Permissions` object, do we need to add an `@apiNote` for >> it? > >> The class spec still mentions "permissions which are retrieved by the system >> policy by default". Shall we remove it? > > Yes I think we can remove that text. > >> Also, getPermissions always returns an empty Permissions object, do we need >> to add an @apiNote for it? > > You mean a warning like we have in the `Permission` subclasses? > > `URLClassLoader` and other subclasses still populate these permissions, but > the plan is to revisit that code and potentially remove it later. I will > remove "granted to" in the `@return` text. Sorry, I got it wrong. I thought this `return new Permissions()` is something new. In fact, it was there before this change. On the other hand, I looked at its subclasses and their `getPermissions(CodeSource cs)` could return quite complicated permission collections. I assume it does not really matter since they are all useless now, right? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1817457008
